Vulnerability in Apache Software Foundation Ofbiz

References

• lists.apache.org/thread.html/r3c1802eaf34aa78a61b4e8e044c214bc94accbd28a11f3a27… (x_refsource_MISC)
• [ofbiz-notifications] 20210324 [jira] [Commented] (OFBIZ-12167) Adds a blacklist (to be renamed soon to denylist) in Java serialisation (CVE-2021-26295) (mailing-list, x_refsource_MLIST)
• [ofbiz-dev] 20210325 Comment out the SOAP and HTTP engines? (mailing-list, x_refsource_MLIST)
• [ofbiz-dev] 20210325 Re: Comment out the SOAP and HTTP engines? (mailing-list, x_refsource_MLIST)
• [ofbiz-dev] 20210329 Re: Comment out the SOAP and HTTP engines? (mailing-list, x_refsource_MLIST)
• [ofbiz-notifications] 20210329 [jira] [Commented] (OFBIZ-12167) Adds a blacklist (to be renamed soon to denylist) in Java serialisation (CVE-2021-26295) (mailing-list, x_refsource_MLIST)
• [ofbiz-notifications] 20210329 [jira] [Commented] (OFBIZ-6942) Comment out RMI related code because of the Java deserialization issue [CVE-2016-2170] (mailing-list, x_refsource_MLIST)
• packetstormsecurity.com/files/162104/Apache-OFBiz-SOAP-Java-Deserialization.html (x_refsource_MISC)
• [ofbiz-notifications] 20210427 [jira] [Updated] (OFBIZ-12212) Comment out the SOAP and HTTP engines - Fix [CVE-2021-30128] (mailing-list, x_refsource_MLIST)
• [ofbiz-commits] 20210427 [ofbiz-site] branch master updated: Updates security page for CVE-2021-29200 and 30128 fixed in 17.12.07 (mailing-list, x_refsource_MLIST)